Investigate Capa Root Cause

ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.

Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.

Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.

Manage change control for validated computerized systems. Covers change request triage (emergency, standard, minor), impact assessment on validated state, revalidation scope determination, approval workflows, implementation tracking, and post-change verification. Use when a validated system requires a software upgrade, patch, or configuration change; when infrastructure changes affect validated systems; when a CAPA requires system modification; or when emergency changes need expedited approval and retrospective documentation.

Implement electronic signatures compliant with 21 CFR Part 11 Subpart C and EU Annex 11. Covers signature manifestation (signer, date/time, meaning), signature-to-record binding, biometric vs non-biometric controls, policy creation, and user certification requirements. Use when a computerized system requires legally binding electronic signatures for GxP records, when replacing wet-ink signatures in regulated workflows, when implementing batch release or document approval workflows, or when a regulatory gap reveals missing signature controls.

Design a GxP training programme covering training needs analysis by role, curriculum design (regulatory awareness, system-specific, data integrity), competency assessment criteria, training record retention, and retraining triggers for SOP revisions and incidents. Use when a new validated system requires user training before go-live, an audit finding cites inadequate training, organisational changes introduce new roles, a periodic programme review is due, or inspection preparation requires demonstrating training adequacy.